Red Hat Security Advisory 2014-0423-01 - The openshift-origin-broker package provides the OpenShift Broker service that manages all user logins, DNS name resolution, application states, and general orchestration of the applications. The rubygem-openshift-origin-auth-remote-user package provides the remote user authentication plug-in. A flaw was found in the way openshift-origin-broker handled authentication requests via the remote user authentication plug-in. A remote attacker able to submit a request to openshift-origin-broker could set the X-Remote-User header, and send the request to a passthrough trigger, resulting in a bypass of the authentication checks to gain access to any OpenShift user account on the system.
f598489c43378ab1d4e656502a914e058b9c591b74e6b3a5a7c8e9656ca0e1afRed Hat Security Advisory 2014-0422-01 - The openshift-origin-broker package provides the OpenShift Broker service that manages all user logins, DNS name resolution, application states, and general orchestration of the applications. The rubygem-openshift-origin-auth-remote-user package provides the remote user authentication plug-in. A flaw was found in the way openshift-origin-broker handled authentication requests via the remote user authentication plug-in. A remote attacker able to submit a request to openshift-origin-broker could set the X-Remote-User header, and send the request to a passthrough trigger, resulting in a bypass of the authentication checks to gain access to any OpenShift user account on the system.
4bdc39e07f063683224e2c5b173c10db71b79172f5adf98767338f036c361d58
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed